"IOS" MD5 encryption and network data security

While doing Web applications,,keep users ' data safe at all times,so be encrypted. MD5the algorithm is used in many domestic. 
features of the MD5 algorithm :*the same dataencryption results are the sameof the.( +of characters)*Non-reversible. (cannot reverse decrypt)*can be used for file verification/Fingerprint Identification.
The MD5 algorithm is public, and the MD5 algorithm is already packaged in iOS. it can be written as a string classification:

-(NSString *) md5string{const char *string = self. Utf8string;int length = (int) strlen (string); unsigned char bytes[cc_md5_digest_length]; CC_MD5 (string, length, bytes); return [self stringfrombytes:bytes length:cc_md5_digest_length];}

It is important to encrypt the user's login data in an iOS program. To do so, even if the data is hijacked, the original data can not be restored to the point.
one, ordinary MD5 encryption
too simple MD5 encryption can easily be cracked. Typically used when MD5 encryption is performed "Add Seasoning"the method.
simple MD5 can be cracked on this website:Www.cmd5.com
Here's how to do MD5 encryption: where tokenA string that is added, which can be a grotesque string of any length.

-(ibaction) Login: (UIButton *) sender {[self postlogin];} /** when submitting user data, it is relatively safe to post. Also convert user data to model best */-(void) Postlogin {//1.urlnsstring *urlstr = [NSString stringwithformat:@] http://localhost/login.php "]; Nsurl *url = [Nsurl urlwithstring:urlstr];//2. Build mutablerequestnsmutableurlrequest *request = [NSMutableURLRequest REQUESTWITHURL:URL];//3. Set the request.  HttpMethod = @ "POST";//The request body can be found in firebug nsstring *pwd = self.userpwd.text;//First add salt, with MD5 encryption.  (The server simply stores salt and encryption to save the line). In reality there is a public/private key, and the server is not simply storing the password. PWD = [pwd Stringbyappendingstring:token];p wd = [pwd md5string]; NSLog (@ "%@", PWD); NSString *body = [NSString stringwithformat:@ "username=%@&password=%@", Self.userName.text, Pwd];request. Httpbody = [Body DATAUSINGENCODING:NSUTF8STRINGENCODING];//4. Establish a connection. (data is the fetch, same as Get) [Nsurlconnection sendasynchronousrequest:request Queue:[[nsoperationqueue alloc] init] Completionhandler: ^ ( Nsurlresponse *response, NSData *data, Nserror *connectionerror) {nsstring *str = [[NSString alloc] InitWithData:data EncodiNg:nsutf8stringencoding];    NSLog (@ "%@,%@", [Nsthread CurrentThread], str);        The update display needs to be in the main thread [[Nsoperationqueue mainqueue] Addoperationwithblock: ^{self.label.text = str; NSLog (@ "%@,%@", [Nsthread CurrentThread], str);}];}];}

Ii. A more advanced approach
Use the concept of public and private keys.
aPublic Key(all know),aprivate Key(only the server knows for itself).The password needs to change dynamically..*User:withtoken+Time to encrypt,Transfer to server*Server:Remove user Password(encrypt with private key when storing),Use time+The public key is compared with the password sent by the client.(The server also checks the time difference between sending the password,1minutes or less)
See note For details: excerpt from Lao Liu.

-(ibaction) Login: (ID) sender{nsstring *pwd = Self.pwdText.text;    For MD5 encryption pwd = [pwd Stringbyappendingstring:token]; It's the same every time!    For example: Hackers intercept the data in the router//will be able to get encrypted password!        PWD = [pwd md5string];    In the background of the server, the MD5 cipher string pwd = [NSString stringwithformat:@ "%@%@%@", pwd, PublicKey, @ "2014062914:14:30") is saved with the private key salt processing;        Using dates, you can guarantee that the strings generated by encryption are not the same as PWD = [pwd md5string]; Content submitted to the server: The new password, the event that generated the password, the processing of the/** server: 1. Remove the user's password from the server (which is encrypted with the private key) 2. The server knows the shared key and compares it to the client-submitted password by a given time (dynamically generating a new password) of 3.     The server also needs to check the event difference of the committed password, which is within 1 minutes of the date submitted by the client.        */NSLog (@ "%@", PWD); [Self PostLogonWithUserName:self.userNameText.text password:pwd];} #pragma mark-post Login-(void) Postlogonwithusername: (NSString *) userName Password: (NSString *) password{//1. URL NSS    Tring *urlstr = @ "http://192.168.25.2/login.php";        Nsurl *url = [Nsurl urlwithstring:urlstr]; 2.   Request,post method, need to establish a variable request nsmutableurlrequest *request = [Nsmutableurlrequest Requestwithurl:url];     1> Post method, all data transfer involving user's privacy, all need to submit by post! Request.        HttpMethod = @ "POST";        2> data body NSString *bodystr = [NSString stringwithformat:@ "username=%@&password=%@", username, password]; Converts a string into a binary data request.        Httpbody = [Bodystr datausingencoding:nsutf8stringencoding]; 3. Send an "asynchronous" request to work on another thread without blocking the current thread to execute [nsurlconnection sendasynchronousrequest:request queue:[[nsoperationqueue alloc] init] completionhandler:^ (Nsurlresponse *response, NSData *data, Nserror *connectionerror) {//1> JSON, format Yes and Nsdictiona RY Fast Packaging format very//convert JSON to dictionary serialization nsdictionary *dict = [nsjsonserialization jsonobjectwithdata:data op                Tions:1 Error:null];                Czuserinfo *userinfo = [Czuserinfo userinfowithdict:dict];    NSLog (@ "%@%@", Userinfo.userid, Userinfo.username);        }]; NSLog (@ "=======");}

Reprint Please specify the Source:http://blog.csdn.net/xn4545945